A Legal Guide to PRIVACY AND DATA SECURITY 2024

• What must be included in a data breach notice and when and to whom must it be disclosed?
• What are the risks to our business for noncompliance with any obligations we might have to notify of a data breach?
• Have we made proper disclosures to investors regarding the risks of a data breach?
• What are potential damages, risks, fees and penalties to management, the board of directors, shareholders, and the business in the event of a data breach?
• What role can state or federal investigators play in the event of a data breach or other incident where our system is accessed by an unauthorized party?
• How would we work with the FBI or other law enforcement on a data breach?
• How would we work with outside legal counsel?
• How would we handle public relations in the event of a data breach?

Establish a Compliance Program

Customized Program

The questions above can be the prelude to a more systematic internal audit of data privacy and security practices of the business followed by implementation of a privacy compliance program. There is no one-size-fits-all privacy compliance program. If little or no customer information is collected by the business, and customer privacy is not generally considered part of the service, the compliance program and training would be far different than it would be for a business that collects, uses, and shares personal data as a key part of its business and related services.
